Senators ask SEC to review and update cyber breach disclosure rules

26 Sep 2017

A group of senators yesterday asked Wall Street's top watchdog to review and potentially update its rules governing when public companies should disclose cyber breaches, as concerns mounted over  the threat hackers pose to the financial system.

The request sent in a letter by members of the Senate Banking Committee to US Securities and Exchange Commission (SEC) chair Jay Clayton comes after a cyber attack on consumer credit reporting bureau, Equifax Inc and the SEC itself faced questions over the breach of its corporate filing database.

Clayton who will be quizzed today by senators over how hackers were able to gain access non-public information in its EDGAR database in 2016, has said he considered cyber security to be top priority for the agency.

''Given your statements, the Equifax breach as well as the increased threat posed by cyber breaches and attacks, we ask you to have the SEC's staff review whether the 2011 guidance ... regarding disclosure obligations relating to cyber security risks and cyber incidents should be updated,'' the committee asked Clayton in the letter.

The hack into Equifax's systems exposed data of 143 million customers, but the company disclosed the breach over a month after it learnt of it on 29 July.

Meanwhile, according to commentators, Clayton will likely face an especially tough hearing in front of Congress today, after the agency acknowledged that it also was a victim to a hack.

Clayton, who has been at the head of the SEC since May, will likely not face calls for his removal as the breach happened over year ago, before he was sworn in. He may, however, face questions about whether the SEC, the federal government's main arm for enforcing rules and regulations on Wall Street, was up to the task of keeping data secure.

According to commentators, two major issues in the SEC breach involve the potential for insider trading and whether the SEC had known about the security breach for months and only recently decided to disclose it.